OPNsense Router / Firewall in Proxmox VM

[Bauanga]

Hello dear community,

I would really appreciate a step by step tutorial on the video "Physical or Virtual? A Silent 4x 2.5GbE Proxmox VE pfSense and OPNsense Box".

My goal would be to run an Opnsense firewall / router VM in Proxmox. Internet should be sent directly to the router VM. This then builds an internal LAN to which all VM's, LXC's, the Proxmox host and all devices in the home network are connected. There would be no additional router but only a DSL modem. It would be important that the Proxmox Host is not connected to the internet through a wrong bridge without protection. In addition, the Proxmox host should remain accessible through a physical Ethernet port in case the router VM crashes.

I would really appreciate to benefit from your expertise.

Best regards!

 

[Bauanga]

With step by step tutorial I mean the network configuration.

 

[Jackomonster]

were you able to find any guide?

 

[zer0sum]

It's absolutely trivial to setup and doesn't really need a guide.

1. Create a bridge facing the internet.
   1. Call it wan
   2. Assign your physical network card/port
2. Create a bridge facing the internal network
   1. Call it lan
   2. Assign your physical network card/port
3. Create a bridge that is internal only called dmz
   1. Don't assign any physical network card/port

Assign the network interfaces to OPNsense and any other virtual machines that need them


Configure OPNsense with lan, wan, dmz

 

[Jackomonster]

It's absolutely trivial to setup and doesn't really need a guide.

1. Create a bridge facing the internet.
   1. Call it wan
   2. Assign your physical network card/port
2. Create a bridge facing the internal network
   1. Call it lan
   2. Assign your physical network card/port
3. Create a bridge that is internal only called dmz
   1. Don't assign any physical network card/port

View attachment 31122

Assign the network interfaces to OPNsense and any other virtual machines that need them
View attachment 31123

Configure OPNsense with lan, wan, dmz

thanks for the help and pcitures, but in this setup the nic are bridged and not passthrough, right?

 

[zer0sum]

thanks for the help and pcitures, but in this setup the nic are bridged and not passthrough, right?

if you’re doing passthrough, you’d just assign the correct PCIe devices to the OPNsense guest instead of Linux bridges

 

[demiGod095]

Is there a guide on how to set this all up from the beginning?
I have just managed to install proxmox, and enable VT-d on a 4 port Intel i-226 N100 PC.

Patrick mentioned how he prefers the 4 ports to be setup in a virtual environment, but how to actually set these up?
I am new to all this. Any input would be splendid.

Thank you.

 

[heromode]

if you’re doing passthrough, you’d just assign the correct PCIe devices to the OPNsense guest instead of Linux bridges

If you're looking to do passthrough in proxmox (which is how i would setup the opnsense vm) then maybe my systemd script for partitioning and detaching a solarflare card in proxmox could help, you'd just have to adapt it to intel.

It might save you a bunch of time and effort, as i have tuned the script so the interfaces are created before proxmox starts the networking and firewall services at boot, and are destroyed after networking is disabled during shutdown/reboot. This avoids any systemd errors/delays at shutdown/reboot, and also enables you to assign some nic partitions to proxmox itself, while assigning others to VM's.

It also supports systemd stop and restart commands. I spent quite awhile perfecting it, since i found no other good examples on the net. So far it has worked flawlessly through multiple proxmox upgrades, up to latest version.

https://forums.servethehome.com/ind...-and-detaching-solarflare-sfn7x22f-vfs.39701/